Prosím o kontrolu

Zpráva

kuntakinte · #1 Příspěvek od **kuntakinte** » 16 dub 2013 20:31

Dobrý večer, chtěl bych poprosit o preventivku PC.

RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ivan at 2013-04-16 21:27:59
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 82 GB (62%) free of 131 GB
Total RAM: 2046 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:28:04, on 16.4.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Online Armor\OAcat.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Online Armor\OAui.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Documents and Settings\All Users\Application Data\Boxtools\Toolbox.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Philips\Philips SPC315NC Webcam\TrayMin315.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ivan\Desktop\RSIT.exe
C:\Program Files\trend micro\Ivan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Online Armor\OAui.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE %;USB\VID_0AC8&PID_0302.DeviceDesc%
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Boxoft Tools] "C:\Documents and Settings\All Users\Application Data\Boxtools\Boxofttoolbox.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: EasySetPackage.lnk = ?
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O4 - Global Startup: TrayMin315.exe.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1273EFA-CCED-4589-BD26-4A982EE730C2}: NameServer = 195.168.1.2,195.168.1.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Online Armor\OAcat.exe
O23 - Service: Acronis OS Selector activator (OS Selector) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Online Armor\oasrv.exe

--
End of file - 9631 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\epzki1tf.default

prefs.js - "browser.startup.homepage" - "www.google.com"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
yahoo.xml
zoznam-sk.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll [2013-02-23 1352512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\7.0\pdfforgeToolbarIE.dll [2013-02-23 1352512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-12-06 20065384]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-04-07 2565520]
"CanonSolutionMenuEx"=C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-03-28 1611160]
"IJNetworkScannerSelectorEX"=C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [2011-01-16 452016]
"@OnlineArmor GUI"=C:\Program Files\Online Armor\OAui.exe [2012-10-03 2415104]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
""= []
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2013-02-23 1297728]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2013-03-27 345312]
"BigDogPath"=C:\WINDOWS\VM_STI.EXE [2004-06-09 40960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-12-06 4763008]
"Boxoft Tools"=C:\Documents and Settings\All Users\Application Data\Boxtools\Boxofttoolbox.exe [2010-12-15 514048]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-03-01 75048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2008-10-14 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-02-16 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2012-02-01 17147528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2011-12-09 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Philips SA52XX Device Manager.lnk]
C:\PROGRA~1\Philips\SA52XX~1\SA52XX~1.EXE [2009-01-16 1384448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
EasySetPackage.lnk - C:\Program Files\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
TrayMin315.exe.lnk - C:\Program Files\Philips\Philips SPC315NC Webcam\TrayMin315.exe

C:\Documents and Settings\Ivan\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-12-06 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\ONLINE~2\oaevent.dll [2012-10-03 366440]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe"="C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe"="C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe"="C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe"="C:\Program Files\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe:*:Enabled:Might & Magic Heroes VI"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.ACDV"=ACDV.dll
"msacm.lameacm"=LameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2013-04-11 23:28:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2808735$
2013-04-11 23:28:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2820917$
2013-04-11 23:25:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2813345$
2013-04-11 23:25:42 ----A---- C:\WINDOWS\imsins.BAK
2013-04-11 23:25:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2813170$
2013-04-02 15:29:47 ----A---- C:\WINDOWS\VMCap.exe
2013-04-02 15:29:47 ----A---- C:\WINDOWS\VM_STI.EXE
2013-04-02 15:29:47 ----A---- C:\WINDOWS\system32\VM31bSTI.dll
2013-04-02 15:29:47 ----A---- C:\WINDOWS\system32\drivers\usbVM31b.sys
2013-04-02 15:29:47 ----A---- C:\WINDOWS\amcap.exe
2013-03-22 01:13:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2807986$
2013-03-20 14:10:55 ----D---- C:\Documents and Settings\Ivan\Application Data\Avira
2013-03-20 14:05:20 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2013-03-20 14:05:18 ----A---- C:\WINDOWS\system32\drivers\avkmgr.sys
2013-03-20 14:05:18 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2013-03-20 14:05:18 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2013-03-20 14:05:13 ----D---- C:\Program Files\Avira
2013-03-20 14:05:13 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2013-03-19 19:55:44 ----D---- C:\Documents and Settings\Ivan\Application Data\Search Settings
2013-03-19 19:55:37 ----D---- C:\Program Files\Application Updater
2013-03-19 19:55:36 ----D---- C:\Program Files\pdfforge Toolbar
2013-03-19 19:55:36 ----D---- C:\Program Files\Common Files\Spigot
2013-03-19 19:55:11 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll
2013-03-19 19:55:09 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL
2013-03-19 19:55:08 ----D---- C:\Program Files\PDFCreator

======List of files/folders modified in the last 1 month======

2013-04-16 21:28:04 ----D---- C:\WINDOWS\temp
2013-04-16 21:28:00 ----D---- C:\Program Files\trend micro
2013-04-16 21:27:44 ----D---- C:\WINDOWS\Prefetch
2013-04-16 20:55:23 ----D---- C:\WINDOWS\system32\CatRoot2
2013-04-16 20:02:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-04-14 00:14:53 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-04-12 13:52:26 ----D---- C:\Documents and Settings\Ivan\Application Data\uTorrent
2013-04-12 12:36:14 ----D---- C:\Program Files\Mozilla Firefox
2013-04-12 12:35:56 ----RD---- C:\Program Files
2013-04-12 09:00:12 ----D---- C:\WINDOWS
2013-04-12 08:59:22 ----D---- C:\WINDOWS\system32
2013-04-11 23:28:46 ----HD---- C:\WINDOWS\inf
2013-04-11 23:28:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-04-11 23:28:40 ----D---- C:\Program Files\Internet Explorer
2013-04-11 23:28:28 ----D---- C:\WINDOWS\ie8updates
2013-04-11 23:28:24 ----HD---- C:\WINDOWS\$hf_mig$
2013-04-11 23:25:57 ----D---- C:\WINDOWS\Debug
2013-04-11 23:25:52 ----A---- C:\WINDOWS\system32\MRT.exe
2013-04-11 00:04:58 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2013-04-10 17:05:03 ----A---- C:\WINDOWS\wincmd.ini
2013-04-10 13:07:56 ----D---- C:\WINDOWS\system32\NtmsData
2013-04-10 13:07:24 ----SHD---- C:\System Volume Information
2013-04-10 13:07:10 ----D---- C:\WINDOWS\Registration
2013-04-10 00:17:35 ----D---- C:\WINDOWS\system32\config
2013-04-07 21:52:16 ----RSD---- C:\WINDOWS\Fonts
2013-04-06 21:02:02 ----D---- C:\WINDOWS\system32\Restore
2013-04-02 15:43:36 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2013-04-02 15:40:15 ----D---- C:\WINDOWS\twain_32
2013-04-02 15:40:14 ----D---- C:\WINDOWS\system32\drivers
2013-04-02 15:29:47 ----HD---- C:\Program Files\InstallShield Installation Information
2013-04-02 15:29:47 ----D---- C:\Program Files\Philips
2013-04-01 23:41:37 ----D---- C:\Documents and Settings\Ivan\Application Data\Winamp
2013-04-01 18:45:10 ----D---- C:\Documents and Settings\All Users\Application Data\Origin
2013-03-31 20:39:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-03-24 11:05:01 ----SHD---- C:\WINDOWS\Installer
2013-03-24 11:04:37 ----D---- C:\Program Files\Google
2013-03-20 14:07:29 ----D---- C:\WINDOWS\system32\CatRoot
2013-03-19 19:55:36 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2012-02-14 170080]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2011-03-18 25240]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-02-13 685816]
R1 archlp;archlp; C:\WINDOWS\system32\drivers\archlp.sys [2009-02-20 127744]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2013-03-27 135136]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2013-03-27 37352]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 oahlpXX;Online Armor helper driver; \??\C:\WINDOWS\system32\drivers\oahlp32.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2013-03-20 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2012/02/13 08:14:55]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2013-03-27 84744]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-11 18688]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-12-06 7490560]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-21 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-12-14 7069288]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2012-09-29 47360]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2011-12-09 327400]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 AF9035HB;AF9035 Hybrid Device; C:\WINDOWS\System32\Drivers\AF9035HB.sys [2012-02-13 855808]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 aqgt1q2r;aqgt1q2r; C:\WINDOWS\system32\drivers\aqgt1q2r.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 LGDDCDevice;LGDDCDevice; \??\C:\WINDOWS\system32\LGI2CDriver.sys []
S3 LGII2CDevice;LGII2CDevice; \??\C:\WINDOWS\system32\LGPII2CDriver.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Ivan\LOCALS~1\Temp\mbr.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vtcdrv;Philips SA52xx Recovery Device; C:\WINDOWS\System32\Drivers\vtcdrv.sys [2008-05-09 18560]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 ZSMC301b;Philips SPC315NC Webcam; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2005-02-26 91527]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2012-09-10 116608]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2013-03-27 110816]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2013-03-27 86752]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2013-02-23 805752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-12-06 643072]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2011-02-07 138192]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Online Armor\OAcat.exe [2012-10-03 216072]
R2 OS Selector;Acronis OS Selector activator; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-05-26 2139400]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Online Armor\oasrv.exe [2012-10-03 4463864]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-03 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-07 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-01 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 253656]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-07 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-04-12 115608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-27 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]

-----------------EOF-----------------

DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Ivan at 21:26:55 on 2013-04-16
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2046.1219 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Online Armor\OAcat.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\Online Armor\OAui.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Documents and Settings\All Users\Application Data\Boxtools\Toolbox.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Philips\Philips SPC315NC Webcam\TrayMin315.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\uWDF.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\program files\pdfforge toolbar\ie\7.0\pdfforgeToolbarIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\program files\pdfforge toolbar\ie\7.0\pdfforgeToolbarIE.dll
TB: pdfforge Toolbar: {B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\program files\pdfforge toolbar\ie\7.0\pdfforgeToolbarIE.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Boxoft Tools] "c:\documents and settings\all users\application data\boxtools\Boxofttoolbox.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] c:\program files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE
mRun: [@OnlineArmor GUI] "c:\program files\online armor\OAui.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [BigDogPath] c:\windows\vm_sti.exe %;usb\VID_0AC8&PID_0302.DeviceDesc%
StartupFolder: c:\docume~1\ivan\startm~1\programs\startup\vezyob~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\easyse~1.lnk - c:\program files\lg soft india\easysetpackage\bin\EasySetPackage.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tmmoni~1.lnk - c:\program files\arcsoft\totalmedia 3.5\TMMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\traymi~1.lnk - c:\program files\philips\philips spc315nc webcam\TrayMin315.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
TCP: NameServer = 195.34.133.21 212.186.211.21
TCP: Interfaces\{A1273EFA-CCED-4589-BD26-4A982EE730C2} : NameServer = 195.168.1.2,195.168.1.4
TCP: Interfaces\{E21B7D41-A697-4C46-B291-A8E0AA9A8FF3} : DHCPNameServer = 195.34.133.21 212.186.211.21
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - c:\program files\online armor\oaevent.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ivan\application data\mozilla\firefox\profiles\epzki1tf.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\ivan\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-03-19 18:55; pdfforge@mybrowserbar.com; c:\program files\pdfforge toolbar\FF
.
============= SERVICES / DRIVERS ===============
.
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2012-2-13 127744]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-3-20 37352]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2012-2-13 208320]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2012-2-13 44992]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2012-2-13 27648]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2012-2-13 31920]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-12 116608]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2012/02/13 08:14:55];c:\program files\cyberlink\powerdvd9\000.fcl [2009-3-1 87536]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-3-20 110816]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-3-20 86752]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2013-2-23 805752]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-3-20 84744]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2012-2-13 216072]
R2 OS Selector;Acronis OS Selector activator;c:\program files\acronis\diskdirector\oss\reinstall_svc.exe [2010-5-26 2139400]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\OAsrv.exe [2012-2-13 4463864]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-1 158856]
S3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\drivers\AF9035HB.sys [2012-2-13 855808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-2-13 1691480]
S3 LGDDCDevice;LGDDCDevice;c:\windows\system32\LGI2CDriver.sys [2012-2-13 16384]
S3 LGII2CDevice;LGII2CDevice;c:\windows\system32\LGPII2CDriver.sys [2012-2-13 19456]
S3 vtcdrv;Philips SA52xx Recovery Device;c:\windows\system32\drivers\vtcdrv.sys [2012-5-29 18560]
.
=============== File Associations ===============
.
ShellExec: DigitalTheatre.exe: open="c:\program files\arcsoft\totalmedia theatre\uDTStart.exe" "%1"
.
=============== Created Last 30 ================
.
2013-04-12 10:36:04 26520 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
2013-04-02 13:29:47 91527 ----a-w- c:\windows\system32\drivers\usbVM31b.sys
2013-04-02 13:29:47 61440 ----a-w- c:\windows\system32\VM31bSTI.dll
2013-04-02 13:29:47 53248 ----a-w- c:\windows\amcap.exe
2013-04-02 13:29:47 40960 ----a-w- c:\windows\VM_STI.EXE
2013-04-02 13:29:47 262254 ----a-w- c:\windows\system32\VM31bPrp.Ax
2013-04-02 13:29:47 147456 ----a-w- c:\windows\VMCap.exe
2013-03-21 18:36:03 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-21 18:36:03 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-20 12:10:55 -------- d-----w- c:\documents and settings\ivan\application data\Avira
2013-03-20 12:05:18 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-20 12:05:18 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-20 12:05:13 -------- d-----w- c:\program files\Avira
2013-03-20 12:05:13 -------- d-----w- c:\documents and settings\all users\application data\Avira
2013-03-19 17:55:44 -------- d-----w- c:\documents and settings\ivan\application data\Search Settings
2013-03-19 17:55:37 -------- d-----w- c:\program files\Application Updater
2013-03-19 17:55:36 -------- d-----w- c:\program files\pdfforge Toolbar
2013-03-19 17:55:36 -------- d-----w- c:\program files\common files\Spigot
2013-03-19 17:55:11 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2013-03-19 17:55:11 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2013-03-19 17:55:11 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2013-03-19 17:55:09 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2013-03-19 17:55:08 -------- d-----w- c:\program files\PDFCreator
.
==================== Find3M ====================
.
2013-03-13 18:47:18 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 18:47:18 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06:30 43520 ------w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08:47 385024 ------w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
============= FINISH: 21:27:39,76 ===============

#2 Příspěvek od **vyosek** » 16 dub 2013 20:53

Zdravim

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Prohledat
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

kuntakinte · #3 Příspěvek od **kuntakinte** » 17 dub 2013 09:02

# AdwCleaner v2.200 - Logfile created 04/17/2013 at 10:01:44
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ivan - IVAN-E7371C4634
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Ivan\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

Found : Application Updater

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found : C:\Documents and Settings\Ivan\Application Data\Search Settings
Folder Found : C:\Program Files\Application Updater
Folder Found : C:\Program Files\Common Files\spigot
Folder Found : C:\Program Files\pdfforge Toolbar

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\pdfforge
Key Found : HKCU\Software\Search Settings
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Found : HKLM\Software\pdfforge
Key Found : HKLM\Software\Search Settings
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (sk)

File : C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\epzki1tf.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ydwysbl0.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.1.1532.0

File : C:\Documents and Settings\Ivan\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2651 octets] - [17/04/2013 10:01:44]

########## EOF - C:\AdwCleaner[R1].txt - [2711 octets] ##########

#4 Příspěvek od **vyosek** » 17 dub 2013 11:45

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Smazat
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

kuntakinte · #5 Příspěvek od **kuntakinte** » 17 dub 2013 11:58

Díky, šiel som podľa návodu, len po reštarte to Windows pochopil ako obnovenie systému po vážnej chybe a Online Armor mi vyhodil nejaký dumpfile (ktorý môžem submit, delete alebo close), pričom akosi neviem veľmi čo tým chce povedať

Tu je log:

# AdwCleaner v2.200 - Logfile created 04/17/2013 at 12:51:35
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ivan - IVAN-E7371C4634
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Ivan\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\Ivan\Application Data\Search Settings
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Program Files\pdfforge Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : HKLM\Software\pdfforge
Key Deleted : HKLM\Software\Search Settings
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (sk)

File : C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\epzki1tf.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ydwysbl0.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.1.1532.0

File : C:\Documents and Settings\Ivan\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2780 octets] - [17/04/2013 10:01:44]
AdwCleaner[S1].txt - [2765 octets] - [17/04/2013 12:51:35]

########## EOF - C:\AdwCleaner[S1].txt - [2825 octets] ##########

#6 Příspěvek od **vyosek** » 17 dub 2013 12:01

Tak na to pujdem jinak

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

kuntakinte · #7 Příspěvek od **kuntakinte** » 17 dub 2013 12:46

OTL Extras logfile created on: 17.4.2013 13:24:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Ivan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 64,42% Memory free
3,85 Gb Paging File | 2,92 Gb Available in Paging File | 75,94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127,87 Gb Total Space | 79,63 Gb Free Space | 62,28% Space Free | Partition Type: NTFS
Drive D: | 67,44 Gb Total Space | 55,92 Gb Free Space | 82,92% Space Free | Partition Type: NTFS
Drive E: | 503,33 Gb Total Space | 11,19 Gb Free Space | 2,22% Space Free | Partition Type: NTFS

Computer Name: IVAN-E7371C4634 | User Name: Ivan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-583907252-412668190-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe" = C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5 -- (ArcSoft, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe" = C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe" = C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe" = C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box -- (Electronic Arts)
"C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe" = C:\Program Files\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage -- (Empire Interactive Ltd.)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- ()
"C:\Program Files\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe" = C:\Program Files\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe:*:Enabled:Might & Magic Heroes VI -- (Black Hole Entertainment)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03E494A7-F504-DA41-3079-9E2FB36736BC}" = CCC Help English
"{04A94422-A264-81D4-D65E-87276F5B402D}" = Catalyst Control Center Localization Italian
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{09C6A4C7-A2D2-1DD9-A81C-44C30042A00C}" = CCC Help Greek
"{0A173336-214D-0609-4897-5E2547D0395D}" = CCC Help Dutch
"{0E73A14F-23FD-E1B8-ED38-108ECFA08440}" = Catalyst Control Center Localization Portuguese
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{14BC810B-5907-B9C3-B2F4-12D5EEA253F4}" = Catalyst Control Center Graphics Previews Common
"{1B9E212F-DFDC-F1D4-D1FD-986149513125}" = CCC Help Russian
"{1CAEFAE2-D12E-CA26-62BC-DF452004B3B1}" = CCC Help Swedish
"{1D9B2B74-82B1-9CE7-0A9A-6234008D11EE}" = CCC Help Polish
"{23655B51-F898-DC12-A2A1-3348D875F659}" = CCC Help Czech
"{25611B0A-54C2-69B9-723D-668201C22CD4}" = ccc-core-static
"{266725C1-716F-43AC-BBFB-4201131ED656}" = EasySetPackage
"{27F38AC0-298C-F7E2-F3AE-F7D12BBBE9D5}" = CCC Help Chinese Traditional
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{30B695C3-C7B0-69E1-197B-409587BC1FD7}" = CCC Help Norwegian
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3828EC4B-D4B9-A742-4D81-9C0A3C72DF8A}" = CCC Help English
"{399B10AC-4E84-20F8-5913-82526B16F561}" = Catalyst Control Center Graphics Light
"{3EC34F85-AF61-5B18-42D6-306B6B80E92E}" = Catalyst Control Center Localization Swedish
"{406AE7DC-5FD1-FC3A-00F5-024AD25DF01B}" = CCC Help Danish
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A742CBE-078E-03FF-C7D5-B3E1B676BDF2}" = CCC Help Czech
"{4B494547-1410-C77E-B6F0-86F394ABAF94}" = CCC Help Hungarian
"{4B6DD00B-BC05-185B-BE8B-997A23B367C4}" = CCC Help Chinese Traditional
"{4D7E8B72-AEA2-8493-F5F3-DA10E2EE2D22}" = Catalyst Control Center Localization Chinese Traditional
"{55663DF0-3559-AE1E-0B9E-ED5353914B5D}" = CCC Help Japanese
"{59F83B00-970D-511C-D9DE-52B233780020}" = CCC Help Portuguese
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5F1AE198-965A-C65D-218A-B76F19B86BEC}" = CCC Help German
"{5FEEB4D3-31F1-FF10-5F61-A988CD44CA59}" = CCC Help Hungarian
"{6294CE03-1A16-4610-891E-FDAF9A585A54}" = SA52xx Device Manager
"{64ACFE24-FB82-84A6-9FB8-B90539752E5B}" = Catalyst Control Center Localization German
"{651CD0A0-8B64-B3F1-23B9-294C39F09A31}" = CCC Help Finnish
"{68DD4EAE-C5E4-1E34-F991-B99ABA6DC8E3}" = Catalyst Control Center Graphics Full New
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.5.3.139
"{77514C51-66D9-2F7C-56D8-5495B8CFAF5E}" = CCC Help French
"{792A669E-71A6-9210-2C06-3FCF0DDFC4C5}" = Catalyst Control Center Localization All
"{7F4C1C17-C647-3CE0-4426-F368132A66A6}" = CCC Help Turkish
"{81946C2A-5269-A6F5-4566-A9F253007A7E}" = Catalyst Control Center Localization Turkish
"{81A917A1-DBA3-3639-53DA-B6E833D41A57}" = ccc-utility
"{860BD052-49CB-7220-8792-15523D08C2A2}" = CCC Help Korean
"{8615E5FC-8906-AACF-5A1A-FB65046F647B}" = CCC Help Swedish
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8959A774-3FB3-B315-ACDF-4B7B70F5A169}" = Catalyst Control Center Core Implementation
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8A1B4217-B443-4680-9411-193A3912230D}" = ArcSoft TotalMedia Theatre
"{8C93615B-5333-B61B-625E-0D4DCD9E09CA}" = CCC Help Norwegian
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{906B417C-6F6C-2A5A-DB5E-5C7499941C58}" = CCC Help Spanish
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{93CB830F-517E-1695-C61B-2A1AA105CD78}" = Catalyst Control Center Localization French
"{94F3D243-2006-4B2D-9160-C2A33F74BB84}" = Windows Media Center Edition MPEG Codec Plug-in
"{95DCA618-9717-BBD3-B438-A5A9B1EB30C8}" = CCC Help German
"{984880C1-7AC7-5267-A7D9-AEC19C932950}" = Catalyst Control Center Graphics Full Existing
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3F8688-4F15-B77D-73A1-B0363517D1B1}" = Catalyst Control Center Localization Danish
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9B1BFDE6-3B65-FB41-BC54-353227EE742A}" = CCC Help Italian
"{9C2B41C5-919A-7037-F5E8-42A5E90873B8}" = Catalyst Control Center Graphics Previews Common
"{9CCC78EF-027E-40E0-9B61-39932C65E3FE}" = Acronis Disk Director Home
"{A0793FD9-9505-BF02-FF47-83C984DC814B}" = Catalyst Control Center Localization Chinese Standard
"{A0A087E5-149E-EC75-F45D-3A3C04344B4A}" = Catalyst Control Center Graphics Previews Common
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A32A0DF0-6650-6503-293D-64AAF212CBF8}" = Catalyst Control Center Localization Japanese
"{A44D0AC2-0891-5AB9-EE23-3EF3339BC2FE}" = Catalyst Control Center Localization Russian
"{A54BEBF5-D7F9-2B34-6475-FB07780C80CA}" = Catalyst Control Center Localization Polish
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Photo Manager 12
"{A72FC039-FE41-4BAD-B36E-64368EC54B54}" = ArcSoft MediaConverter 2.5
"{A8280D9A-D6A4-1E52-E85F-99E3BB19CEEA}" = Catalyst Control Center Localization Czech
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A960DA53-C5C4-37A4-3671-C0236BF41E99}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Czech
"{ADD24D05-DDEA-39CB-0E92-AA371AEE2894}" = Catalyst Control Center InstallProxy
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.198
"{B0D2BC40-119B-AD18-E697-E6073DD6D149}" = ccc-utility
"{B2420CAA-ADC1-8581-938A-2B25C22EF17A}" = ccc-utility
"{B2C78A98-20EA-D90A-69E3-B15587D51588}" = CCC Help Thai
"{B59DA9F5-3630-FFF1-C47C-B2CA172CF876}" = CCC Help Polish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B81D9181-67D7-6A90-78EA-34108EBBCF7F}" = CCC Help Thai
"{B84AE471-81DD-D81F-CD20-B3464877E525}" = Skins
"{BA314F9D-8401-1E44-11BF-F112E93F465E}" = CCC Help English
"{BBFEA1AF-ECCE-1114-2EC8-AC304AB6B753}" = Catalyst Control Center Localization Hungarian
"{BE7785D6-045F-44FB-A1E4-3FA555874415}" = pdfforge Toolbar v7.0
"{BEB0B424-3692-E0DC-8D25-04A36C7AB580}" = CCC Help Portuguese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C397AE7E-CFA4-9D60-880D-D0BA7CF3F596}" = CCC Help Finnish
"{C4186C0D-FB9F-5D83-21FB-A737A13EFAE6}" = AMD Catalyst Install Manager
"{C4574477-C9FA-CF5F-B5AC-D379D655A962}" = CCC Help Chinese Standard
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CBA4DD0F-0871-39EB-A48B-03BC9E5E437B}" = CCC Help Japanese
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D20100AC-608D-1A4C-372E-75009E7C168E}" = CCC Help Danish
"{D801FEB6-53DF-CE1C-67E2-A977E43A7E8F}" = CCC Help Russian
"{D95F0670-EBA8-46B2-8ABE-9DDA2BC3DC7E}" = Philips SPC315NC Webcam
"{DAA29BAD-1C06-E8E0-CFE6-557F818C7AF7}" = CCC Help Dutch
"{DB7EBA4A-44AF-DF22-EBA7-6BF4E011E319}" = CCC Help French
"{DBB18C43-FE45-36DF-D171-E209B79A76F3}" = Catalyst Control Center Localization Dutch
"{DE0C72A8-B4A3-4B80-3CF9-2DC45CF865D5}" = CCC Help Spanish
"{E1BCF465-85F4-C303-944E-9E416977C560}" = CCC Help Korean
"{E3AEC354-AD4C-51D3-E345-CEE6CA8A9C3A}" = Catalyst Control Center Localization Greek
"{E5B2C34F-BEDE-5AF8-DBD3-C05E8C030588}" = CCC Help Italian
"{EA024A36-5934-05B8-550B-60DA131B90C4}" = CCC Help Greek
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6.3
"{EE5AC826-8731-6406-9947-D0420143A7BD}" = ccc-core-preinstall
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EEB193CE-2B04-B568-29FF-FAFA34BB3F19}" = Catalyst Control Center Localization Spanish
"{EF0A8C24-E239-45D5-492D-D5895518ACB3}" = Catalyst Control Center Localization Thai
"{F0A6D1C4-7E73-963B-C4C6-C97121B1992B}" = CCC Help Turkish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F88183B1-BD65-F87C-855F-BB7D1AA3AEA2}" = Catalyst Control Center Localization Norwegian
"{FC70949F-1417-A3F5-8E84-EBF5ACB93B58}" = Catalyst Control Center Localization Korean
"{FE22679C-7CE4-8633-CE7F-8122B52C52CF}" = Catalyst Control Center Localization Finnish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Avira AntiVir Desktop" = Avira Free Antivirus
"Boxoft Flac to MP3 (freeware)_is1" = Boxoft Flac to MP3 (freeware)
"Boxoft PDF to JPG (freeware)_is1" = Boxoft PDF to JPG (freeware)
"BSPlayerf" = BS.Player FREE
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"ffdshow_is1" = ffdshow v1.2.4486 [2012-08-25]
"FlatOut Ultimate Carnage" = FlatOut Ultimate Carnage
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"ie8" = Windows Internet Explorer 8
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.2.0 (Basic)
"LameACM" = Lame ACM MP3 Codec
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 20.0.1 (x86 sk)" = Mozilla Firefox 20.0.1 (x86 sk)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"MP4 to MP3 Converter 3" = MP4 to MP3 Converter 3
"OnlineArmor_is1" = Online Armor 5.5
"Opera 12.01.1532" = Opera 12.01
"Origin" = Origin
"Registrácia používateľa produktu Canon MG5300 series" = Registrácia používateľa produktu Canon MG5300 series
"SpeedFan" = SpeedFan (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-583907252-412668190-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27.2.2013 12:10:49 | Computer Name = IVAN-E7371C4634 | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie isuspm.exe, verzia 3.0.100.1131, zlyhanie modulu
oleaut32.dll, verzia 5.1.2600.6341, adresa zlyhania 0x000344cd.

Error - 6.3.2013 12:44:57 | Computer Name = IVAN-E7371C4634 | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie isuspm.exe, verzia 3.0.100.1131, zlyhanie modulu
oleaut32.dll, verzia 5.1.2600.6341, adresa zlyhania 0x000344cd.

Error - 13.3.2013 12:17:10 | Computer Name = IVAN-E7371C4634 | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie isuspm.exe, verzia 3.0.100.1131, zlyhanie modulu
oleaut32.dll, verzia 5.1.2600.6341, adresa zlyhania 0x000344cd.

Error - 20.3.2013 11:16:21 | Computer Name = IVAN-E7371C4634 | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie isuspm.exe, verzia 3.0.100.1131, zlyhanie modulu
oleaut32.dll, verzia 5.1.2600.6341, adresa zlyhania 0x000344cd.

Error - 27.3.2013 10:15:30 | Computer Name = IVAN-E7371C4634 | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie isuspm.exe, verzia 3.0.100.1131, zlyhanie modulu
oleaut32.dll, verzia 5.1.2600.6341, adresa zlyhania 0x000344cd.

Error - 2.4.2013 4:32:33 | Computer Name = IVAN-E7371C4634 | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie explorer.exe, verzia 6.0.2900.5512, zlyhanie modulu
unknown, verzia 0.0.0.0, adresa zlyhania 0x00d10fc4.

Error - 3.4.2013 9:14:37 | Computer Name = IVAN-E7371C4634 | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie isuspm.exe, verzia 3.0.100.1131, zlyhanie modulu
oleaut32.dll, verzia 5.1.2600.6341, adresa zlyhania 0x000344cd.

Error - 10.4.2013 4:36:10 | Computer Name = IVAN-E7371C4634 | Source = ThreadLib | ID = 0
Description =

Error - 10.4.2013 8:14:01 | Computer Name = IVAN-E7371C4634 | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie isuspm.exe, verzia 3.0.100.1131, zlyhanie modulu
oleaut32.dll, verzia 5.1.2600.6341, adresa zlyhania 0x000344cd.

Error - 17.4.2013 7:13:48 | Computer Name = IVAN-E7371C4634 | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie isuspm.exe, verzia 3.0.100.1131, zlyhanie modulu
oleaut32.dll, verzia 5.1.2600.6341, adresa zlyhania 0x000344cd.

[ System Events ]
Error - 19.3.2013 14:18:15 | Computer Name = IVAN-E7371C4634 | Source = Print | ID = 6161
Description = Dokument zp07501-analytickylist.pdf, ktorý vlastní Ivan, sa nepodarilo
vytlačiť na tlačiarni Canon MG5300 series Printer (kopírovať 1). Typ údajov: NT
EMF 1.008. Veľkosť súboru frontu tlače v bajtoch: 327680. Počet vytlačených bajtov:
184108. Celkový počet strán v dokumente: 1. Počet vytlačených strán: 0. Klientsky
počítač: \\IVAN-E7371C4634. Kód chyby Win32 vrátaný tlačovým procesorom: 13 (0xd).

Error - 1.4.2013 14:48:18 | Computer Name = IVAN-E7371C4634 | Source = Service Control Manager | ID = 7034
Description = Služba Application Updater sa neočakávane ukončila. Služba sa týmto
spôsobom ukončila už 1 krát.

Error - 2.4.2013 4:22:23 | Computer Name = IVAN-E7371C4634 | Source = Print | ID = 6161
Description = Dokument New Layout Print, ktorý vlastní Ivan, sa nepodarilo vytlačiť
na tlačiarni Canon MG5300 series Printer. Typ údajov: NT EMF 1.008. Veľkosť súboru
frontu tlače v bajtoch: 270097652. Počet vytlačených bajtov: 0. Celkový počet strán
v dokumente: 10. Počet vytlačených strán: 0. Klientsky počítač: \\IVAN-E7371C4634.
Kód chyby Win32 vrátaný tlačovým procesorom: 3 (0x3).

Error - 17.4.2013 6:55:18 | Computer Name = IVAN-E7371C4634 | Source = System Error | ID = 1003
Description = Kód chyby 000000c2, parameter1 00000007, parameter2 00000cd4, parameter3
e47d7810, parameter4 e4b98878.

< End of report >

kuntakinte · #8 Příspěvek od **kuntakinte** » 17 dub 2013 12:47

OTL logfile created on: 17.4.2013 13:24:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Ivan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 64,42% Memory free
3,85 Gb Paging File | 2,92 Gb Available in Paging File | 75,94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127,87 Gb Total Space | 79,63 Gb Free Space | 62,28% Space Free | Partition Type: NTFS
Drive D: | 67,44 Gb Total Space | 55,92 Gb Free Space | 82,92% Space Free | Partition Type: NTFS
Drive E: | 503,33 Gb Total Space | 11,19 Gb Free Space | 2,22% Space Free | Partition Type: NTFS

Computer Name: IVAN-E7371C4634 | User Name: Ivan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.04.17 13:20:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ivan\Desktop\OTL.exe
PRC - [2013.04.12 12:36:04 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.03.27 12:30:49 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.27 12:30:39 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.27 12:30:38 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.27 12:30:37 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.06 18:02:18 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012.10.03 17:10:51 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2012.10.03 17:10:24 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\OAsrv.exe
PRC - [2012.10.03 17:09:17 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2012.10.03 17:09:03 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2012.09.10 10:38:03 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011.04.07 19:09:00 | 002,565,520 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011.03.28 21:40:56 | 001,611,160 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011.03.07 23:33:34 | 000,591,272 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2011.02.11 15:19:26 | 002,760,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Boxtools\Toolbox.exe
PRC - [2011.02.07 09:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2011.01.16 02:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.05.26 05:53:46 | 002,139,400 | ---- | M] () -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2010.03.18 21:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.02.26 05:35:04 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
PRC - [2009.12.22 22:31:50 | 000,024,576 | ---- | M] () -- C:\Program Files\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
PRC - [2009.12.22 22:30:54 | 000,159,744 | ---- | M] () -- C:\Program Files\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006.05.10 13:26:42 | 000,278,528 | ---- | M] () -- C:\Program Files\Philips\Philips SPC315NC Webcam\TrayMin315.exe
PRC - [2004.06.09 15:37:02 | 000,040,960 | ---- | M] (BIGDOG) -- C:\WINDOWS\VM_STI.EXE

========== Modules (No Company Name) ==========

MOD - [2013.04.12 12:36:03 | 003,133,336 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.03.20 13:52:15 | 000,397,704 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2013.03.13 20:47:18 | 014,717,144 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013.02.14 18:32:27 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013.02.14 01:36:39 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll
MOD - [2013.02.14 01:35:06 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013.01.11 11:37:58 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll
MOD - [2013.01.11 11:23:05 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013.01.11 11:22:49 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013.01.11 11:21:25 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013.01.11 11:21:15 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012.02.13 22:16:51 | 000,266,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3075.38702__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012.02.13 22:16:34 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3036.27933__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012.02.13 22:16:34 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3036.27946__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012.02.13 22:16:34 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012.02.13 22:16:34 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3036.27930__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012.02.13 22:16:34 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3036.27933__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012.02.13 22:16:34 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3036.28032__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012.02.13 22:16:34 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3036.27964__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2012.02.13 22:16:34 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3036.27948__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012.02.13 22:16:34 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3036.27945__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012.02.13 22:16:34 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3036.27940__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012.02.13 22:16:34 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3036.27945__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012.02.13 22:16:34 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3036.27937__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012.02.13 22:16:34 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3036.27960__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012.02.13 22:16:34 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3036.27964__90ba9c70f846762e\DEM.OS.dll
MOD - [2012.02.13 22:16:34 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3036.27964__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012.02.13 22:16:34 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012.02.13 22:16:34 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3036.27944__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012.02.13 22:16:34 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3036.27963__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2012.02.13 22:16:34 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012.02.13 22:16:34 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012.02.13 22:16:33 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2012.02.13 22:16:33 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3036.27944__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012.02.13 22:16:29 | 000,417,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3075.38993__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2012.02.13 22:16:29 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3075.38732__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012.02.13 22:16:29 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3075.39003__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012.02.13 22:16:29 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3075.39000__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012.02.13 22:16:29 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3075.38696__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2012.02.13 22:16:29 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3075.38693__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012.02.13 22:16:29 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012.02.13 22:16:29 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3075.39039__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012.02.13 22:16:29 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3036.27937__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012.02.13 22:16:29 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012.02.13 22:16:29 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012.02.13 22:16:29 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3036.27961__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012.02.13 22:16:29 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2012.02.13 22:16:29 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2012.02.13 22:16:29 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2012.02.13 22:16:29 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3075.39054__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2012.02.13 22:16:28 | 000,991,232 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3075.38710__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012.02.13 22:16:28 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3075.38694__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2012.02.13 22:16:28 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3075.38691__90ba9c70f846762e\AEM.Server.dll
MOD - [2012.02.13 22:16:28 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3036.27949__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012.02.13 22:16:28 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012.02.13 22:16:28 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3075.39002__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2012.02.13 22:16:28 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3036.27959__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011.02.11 15:19:26 | 002,760,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Boxtools\Toolbox.exe
MOD - [2011.02.07 09:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2010.05.26 05:53:46 | 002,139,400 | ---- | M] () -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
MOD - [2009.12.22 22:31:50 | 000,024,576 | ---- | M] () -- C:\Program Files\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
MOD - [2009.12.22 22:30:54 | 000,159,744 | ---- | M] () -- C:\Program Files\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
MOD - [2009.12.22 22:30:36 | 000,057,344 | ---- | M] () -- C:\Program Files\LG Soft India\EasySetPackage\bin\Hook.dll
MOD - [2009.12.22 22:30:34 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\LGErrorHandler.dll
MOD - [2009.12.22 22:30:28 | 000,012,288 | ---- | M] () -- C:\Program Files\LG Soft India\EasySetPackage\bin\EngRes.dll
MOD - [2008.11.27 02:59:32 | 000,131,584 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll
MOD - [2008.10.23 02:01:00 | 000,200,704 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll
MOD - [2008.04.14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.04.14 02:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007.04.19 19:33:00 | 000,035,584 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3.5\uPiApi.dll
MOD - [2007.04.02 14:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006.05.10 13:26:42 | 000,278,528 | ---- | M] () -- C:\Program Files\Philips\Philips SPC315NC Webcam\TrayMin315.exe
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.12 12:36:03 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.27 12:30:49 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.27 12:30:38 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.13 20:47:19 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.03 17:10:24 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\OAsrv.exe -- (SvcOnlineArmor)
SRV - [2012.10.03 17:09:03 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2012.09.10 10:38:03 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012.02.01 01:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.02.07 09:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010.05.26 05:53:46 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2010.03.18 21:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ac02kuiz)
DRV - [2013.03.27 12:30:51 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.27 12:30:51 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.27 12:30:51 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.03.20 13:52:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.10.03 17:11:32 | 000,031,920 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2012.10.03 17:09:46 | 000,027,648 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2012.10.03 17:09:18 | 000,044,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012.10.03 17:09:04 | 000,208,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2012.02.14 09:00:59 | 000,170,080 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2012.02.13 18:18:09 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012.02.13 15:47:28 | 000,855,808 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF9035HB.sys -- (AF9035HB)
DRV - [2011.12.14 04:27:30 | 007,069,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011.12.09 00:09:16 | 000,327,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2011.12.06 05:42:18 | 007,490,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.03.18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2009.12.22 22:30:46 | 000,019,456 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\LGPII2CDriver.sys -- (LGII2CDevice)
DRV - [2009.12.22 22:30:36 | 000,016,384 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\LGI2CDriver.sys -- (LGDDCDevice)
DRV - [2009.11.18 17:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 17:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.03.01 05:40:18 | 000,087,536 | ---- | M] (CyberLink Corp.) [2012/02/13 08:14:55] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.02.20 00:22:52 | 000,127,744 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ArcHlp.sys -- (archlp)
DRV - [2008.05.09 11:28:52 | 000,018,560 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vtcdrv.sys -- (vtcdrv)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007.07.21 04:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006.11.11 01:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005.02.26 16:25:52 | 000,091,527 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-583907252-412668190-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-583907252-412668190-725345543-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-583907252-412668190-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-583907252-412668190-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-583907252-412668190-725345543-1004\..\SearchScopes\{8637319D-2776-4EB4-B3ED-4EB391E49572}: "URL" = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
IE - HKU\S-1-5-21-583907252-412668190-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ivan\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 12:36:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.08.08 18:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ivan\Application Data\Mozilla\Extensions
[2013.04.17 12:55:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ivan\Application Data\Mozilla\Firefox\Profiles\epzki1tf.default\extensions
[2013.03.08 10:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.04.12 12:36:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.11 06:38:25 | 000,001,583 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\atlas-sk.xml
[2012.10.11 06:38:25 | 000,001,380 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\azet-sk.xml
[2012.10.11 06:38:25 | 000,001,479 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dunaj-sk.xml
[2012.10.11 06:38:25 | 000,001,473 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slovnik-sk.xml
[2012.10.11 06:38:26 | 000,001,104 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sk.xml
[2012.10.11 06:38:26 | 000,000,830 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zoznam-sk.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:

O1 HOSTS File: ([2012.12.04 18:47:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE %;USB\VID_0AC8&PID_0302.DeviceDesc% File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-583907252-412668190-725345543-1004..\Run: [Boxoft Tools] C:\Documents and Settings\All Users\Application Data\Boxtools\Boxofttoolbox.exe ()
O4 - HKU\S-1-5-21-583907252-412668190-725345543-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EasySetPackage.lnk = C:\Program Files\LG Soft India\EasySetPackage\bin\EasySetPackage.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TrayMin315.exe.lnk = C:\Program Files\Philips\Philips SPC315NC Webcam\TrayMin315.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-412668190-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-583907252-412668190-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-583907252-412668190-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-583907252-412668190-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1273EFA-CCED-4589-BD26-4A982EE730C2}: NameServer = 195.168.1.2,195.168.1.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E21B7D41-A697-4C46-B291-A8E0AA9A8FF3}: DhcpNameServer = 195.34.133.21 212.186.211.21
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ivan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ivan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.13 21:28:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.11.03 12:21:02 | 000,000,000 | ---D | M] - E:\Auto route 2005 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013.04.17 13:20:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ivan\Desktop\OTL.exe
[2013.04.17 12:53:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013.04.16 21:26:17 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Ivan\Desktop\dds.exe
[2012.09.29 23:22:45 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Ivan\Application Data\pcouffin.sys

========== Files - Modified Within 7 Days ==========

[2013.04.17 13:27:35 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.04.17 13:20:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ivan\Desktop\OTL.exe
[2013.04.17 13:02:00 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.17 12:54:03 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.17 12:53:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.17 12:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.04.17 10:01:12 | 000,613,083 | ---- | M] () -- C:\Documents and Settings\Ivan\Desktop\adwcleaner.exe
[2013.04.16 21:26:18 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Ivan\Desktop\dds.exe
[2013.04.16 18:59:48 | 000,013,766 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.04.15 09:44:42 | 000,000,428 | ---- | M] () -- C:\WINDOWS\zipgenius.xml
[2013.04.12 08:59:22 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.04.11 23:28:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.04.10 17:05:03 | 000,003,120 | ---- | M] () -- C:\WINDOWS\wincmd.ini

========== Files Created - No Company Name ==========

[2013.04.17 13:27:35 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.04.17 10:01:12 | 000,613,083 | ---- | C] () -- C:\Documents and Settings\Ivan\Desktop\adwcleaner.exe
[2013.04.11 23:25:42 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013.03.19 19:55:11 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2012.12.03 23:01:32 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.12.03 23:01:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.12.03 23:01:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.12.03 23:01:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.12.03 23:01:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.09.29 23:22:45 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Ivan\Application Data\pcouffin.cat
[2012.09.29 23:22:45 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Ivan\Application Data\pcouffin.inf
[2012.09.29 21:41:16 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012.08.13 15:13:46 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Ivan\Application Data\cdr.ini
[2012.05.31 18:25:21 | 000,000,238 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2012.03.05 20:57:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\Tarball.dll
[2012.02.21 21:33:22 | 000,007,386 | ---- | C] () -- C:\Documents and Settings\Ivan\Application Data\mainhst.zgh
[2012.02.15 18:04:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.14 09:11:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ivan\initdebug.nfo
[2012.02.13 22:29:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\LGErrorHandler.dll
[2012.02.13 22:18:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012.02.13 22:12:29 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012.02.13 22:12:25 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012.02.13 22:12:24 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012.02.13 22:12:23 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2012.02.13 22:12:23 | 000,608,507 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012.02.13 21:29:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.02.13 21:26:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.02.13 18:58:20 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\Ivan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.13 17:18:52 | 000,003,120 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2012.02.13 16:43:33 | 000,208,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012.02.13 16:43:33 | 000,044,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012.02.13 15:51:48 | 000,127,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\ArcHlp.sys
[2012.02.13 15:47:33 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2012.02.13 15:47:31 | 000,000,217 | ---- | C] () -- C:\WINDOWS\System32\AF15IRTBL.bin
[2012.02.13 15:42:08 | 000,021,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012.02.13 13:14:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.02.13 13:11:41 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.06 08:04:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011.12.06 08:03:52 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll

========== ZeroAccess Check ==========

[2012.02.13 22:13:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 21:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 02:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.02.14 09:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2012.02.14 09:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2012.02.13 17:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2012.12.04 18:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boxtools
[2012.02.13 16:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2012.02.13 15:56:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012.02.13 16:02:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2012.02.13 18:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2012.05.23 16:36:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2012.02.24 01:01:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2012.02.13 16:02:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2012.02.13 16:02:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2013.04.11 00:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2012.02.13 18:02:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012.02.13 16:02:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2012.02.13 15:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012.03.10 12:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012.02.13 17:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2013.04.01 18:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2012.02.18 21:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steinberg
[2012.09.29 23:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2012.02.14 09:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\ACD Systems
[2012.02.15 05:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Ashampoo
[2013.02.15 20:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Braid
[2012.12.11 16:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\BSplayer
[2012.02.13 17:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\BSplayer Pro
[2012.02.13 18:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Canon
[2012.11.20 20:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Might & Magic Heroes VI
[2012.02.13 16:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\OnlineArmor
[2012.08.07 12:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Opera
[2012.03.10 12:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Origin
[2012.05.31 16:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Philips
[2012.02.18 22:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Steinberg
[2013.04.12 13:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\uTorrent
[2012.10.14 15:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Vso
[2012.03.05 20:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\WinTar
[2013.01.22 22:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\xrecode2
[2012.03.05 20:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\ZipGenius

========== Purity Check ==========

========== Custom Scans ==========

< >
[2012.02.13 21:26:32 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2012.02.13 21:30:33 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2012.08.13 22:59:37 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013.02.19 15:57:36 | 000,000,920 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2013.02.19 15:57:37 | 000,000,924 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: ATAPI.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2012.02.13 16:13:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2012.02.13 16:13:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004.08.04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2006.02.28 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2012.02.13 16:13:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2012.02.13 16:13:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.02.28 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006.02.28 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2006.02.28 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2012.02.13 16:13:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2012.02.13 16:13:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2006.02.28 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: SCECLI.DLL >
[2006.02.28 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.02.06 13:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008.04.14 02:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008.04.14 02:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009.02.06 19:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009.02.06 12:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009.02.06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009.02.06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009.02.06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2006.02.28 14:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006.02.28 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.02.28 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2006.02.28 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006.02.28 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< >

< %systemroot%*.* /U /s >
[13 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2012.02.14 09:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2012.02.14 09:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2012.08.28 12:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012.03.20 22:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2012.02.13 17:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2012.02.13 22:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2013.03.20 14:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012.12.04 18:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boxtools
[2012.02.13 16:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2012.02.13 15:56:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012.02.13 16:02:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2012.02.13 18:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2012.05.23 16:36:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2012.02.24 01:01:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2012.02.13 16:02:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2012.02.13 16:02:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2013.04.11 00:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2012.02.13 18:02:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012.02.13 16:02:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2012.02.13 15:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012.02.13 18:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2012.03.10 12:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012.02.13 22:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2012.12.02 23:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013.04.02 15:43:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2013.03.13 22:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012.05.08 10:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012.02.13 17:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2013.04.01 18:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2012.02.14 08:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2012.02.18 21:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steinberg
[2012.02.13 16:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012.09.29 23:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2012.02.13 14:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\28360\AcrobatUpdater.exe
[2012.01.03 09:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\28360\AdobeARM.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\28360\AdobeARMHelper.exe
[2012.01.03 09:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\ARM\Reader_10.1.0\28360\ReaderUpdater.exe
[2011.06.06 22:45:23 | 001,560,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1029-7B44-AA1000000001}\setup.exe
[2010.12.15 16:21:54 | 000,514,048 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Boxtools\Boxofttoolbox.exe
[2010.12.17 11:26:00 | 000,627,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Boxtools\PCTools.exe
[2011.02.11 15:19:26 | 002,760,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Boxtools\Toolbox.exe
[2010.12.20 11:44:22 | 000,435,200 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Boxtools\Uninstall.exe

< %APPDATA%\*. >
[2012.02.14 09:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\ACD Systems
[2012.02.13 18:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Adobe
[2012.12.27 21:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\ArcSoft
[2012.02.15 05:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Ashampoo
[2012.02.13 22:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\ATI
[2013.03.20 14:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Avira
[2013.02.15 20:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Braid
[2012.12.11 16:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\BSplayer
[2012.02.13 17:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\BSplayer Pro
[2012.02.13 18:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Canon
[2012.02.13 18:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\CyberLink
[2012.06.07 20:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Google
[2012.02.13 21:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Identities
[2012.02.13 22:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\InstallShield
[2012.02.13 15:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Macromedia
[2012.12.02 23:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Malwarebytes
[2013.03.11 23:04:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Ivan\Application Data\Microsoft
[2012.11.20 20:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Might & Magic Heroes VI
[2012.08.08 18:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Mozilla
[2012.02.13 16:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\OnlineArmor
[2012.08.07 12:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Opera
[2012.03.10 12:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Origin
[2012.05.31 16:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Philips
[2012.03.01 20:42:56 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Ivan\Application Data\SecuROM
[2012.02.15 05:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Skype
[2012.02.18 22:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Steinberg
[2012.02.13 16:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\SUPERAntiSpyware.com
[2013.04.12 13:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\uTorrent
[2012.02.14 09:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\vlc
[2012.10.14 15:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Vso
[2013.04.01 23:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\Winamp
[2012.03.05 20:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\WinTar
[2013.01.22 22:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\xrecode2
[2012.03.05 20:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ivan\Application Data\ZipGenius

< %APPDATA%\*.exe /s >
[2012.02.13 22:14:56 | 000,009,158 | R--- | M] () -- C:\Documents and Settings\Ivan\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2013.04.17 12:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013.04.17 12:54:03 | 000,000,920 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2013.04.17 13:02:00 | 000,000,924 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012.02.13 18:18:09 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2012.02.13 13:10:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2012.02.13 13:10:31 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2012.02.13 13:10:31 | 000,921,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2013.04.16 18:59:48 | 000,013,766 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -- [2012.12.06 18:02:18 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com)
"Boxoft Tools" = "C:\Documents and Settings\All Users\Application Data\Boxtools\Boxofttoolbox.exe" -autorun -- [2010.12.15 16:21:54 | 000,514,048 | ---- | M] ()
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 02:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2013.04.12 12:36:04 | 000,920,472 | ---- | M] (Mozilla Corporation) MD5=6F5386A655598F71BAAB2D6B63A69D6A -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2012.08.07 12:36:43 | 000,874,896 | ---- | M] (Opera Software) MD5=F594C0FB9F48829ADE080D07716739F1 -- C:\Program Files\Opera\opera.exe

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.04.17 13:27:35 | 000,000,512 | ---- | M] () MD5=B422F561B367D6BCDCF403AE423E2969 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2012.03.31 17:42:47 | 000,017,202 | ---- | M] () -- \Documents and Settings\Ivan\Application Data\uTorrent\Age Of Empires 3 full DVD +crack + serial.iso.torrent
[2012.09.28 00:18:19 | 000,002,299 | ---- | M] () -- \Documents and Settings\Ivan\Application Data\uTorrent\Driver San Francisco CRACK Only.torrent
[2012.04.27 15:32:04 | 000,001,546 | ---- | M] () -- \Documents and Settings\Ivan\Application Data\uTorrent\Mass.Effect.ViTALiTY.Crack.only.rar.torrent

< *keygen* /s >

< *loader* /s >
[2012.02.01 01:08:26 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Skype\Apps\login\images\loader.gif
[2012.02.01 01:08:26 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Application Data\Skype\Apps\login\images\loader.png
[2010.04.10 00:22:12 | 001,612,256 | ---- | M] () -- \Program Files\ACD Systems\ACDSee\12.0\PlugIns\CX_Ftpuploader.apl
[2009.02.06 22:09:18 | 000,042,739 | ---- | M] () -- \Program Files\ACD Systems\ACDSee\12.0\PlugIns\CX_Ftpuploader.chm
[2013.03.27 12:30:40 | 000,052,960 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloader.dll
[2013.03.27 12:30:40 | 000,232,672 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloader.exe
[2013.03.27 12:30:41 | 001,714,400 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloadergui.dll
[2006.10.26 23:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.dll
[2006.10.26 23:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.tlb
[2009.03.01 08:12:40 | 000,010,789 | ---- | M] () -- \Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\mm\MediaCtrl\ImageLoader.kc
[2009.03.01 08:12:44 | 000,003,500 | ---- | M] () -- \Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\widget\langloader.kc
[2009.03.01 08:12:44 | 000,012,803 | ---- | M] () -- \Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\widget\layoutloader.kc
[2011.09.30 18:51:34 | 000,235,032 | ---- | M] () -- \Program Files\Ubisoft\Might & Magic Heroes VI\ubiorbitapi_r2_loader.dll
[2011.08.24 17:15:10 | 000,002,134 | ---- | M] () -- \Program Files\Ubisoft\Might & Magic Heroes VI\Data\html\dynapi\examples\dynapi.functions.imageloader.html
[2012.09.27 19:39:05 | 000,329,056 | ---- | M] () -- \Program Files\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2_loader.dll
[2006.02.28 14:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2012.02.13 18:36:10 | 000,082,784 | ---- | M] () -- \WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2002.12.12 00:14:32 | 000,033,280 | ---- | M] () -- \WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmloader.dll
[2008.04.14 02:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 20:31:43 | 000,230,400 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 20:31:44 | 000,278,016 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 02:11:52 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2002.12.12 00:14:32 | 000,033,280 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll

< End of report >

#9 Příspěvek od **vyosek** » 17 dub 2013 17:41

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ac02kuiz)
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-583907252-412668190-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-583907252-412668190-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-583907252-412668190-725345543-1004\..\SearchScopes\{8637319D-2776-4EB4-B3ED-4EB391E49572}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =302398&p={searchTerms}
O4 - HKLM..\Run: [] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
[2013.04.17 12:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013.04.17 12:54:03 | 000,000,920 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2013.04.17 13:02:00 | 000,000,924 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

kuntakinte · #10 Příspěvek od **kuntakinte** » 17 dub 2013 17:52

All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Error: No service named ac02kuiz was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ac02kuiz deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-583907252-412668190-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-583907252-412668190-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-583907252-412668190-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8637319D-2776-4EB4-B3ED-4EB391E49572}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8637319D-2776-4EB4-B3ED-4EB391E49572}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent\ deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 8391048 bytes
->Flash cache emptied: 492 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Ivan
->Temp folder emptied: 13000280 bytes
->Temporary Internet Files folder emptied: 270984 bytes
->FireFox cache emptied: 546816826 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 10762 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66034 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 234608313 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 118391 bytes

Total Files Cleaned = 766,00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Ivan
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Ivan

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 04172013_184525

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File\Folder C:\Documents and Settings\Ivan\Local Settings\Temp\14254F7.dmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#11 Příspěvek od **vyosek** » 17 dub 2013 17:57

Tak jeste uklidime

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

kuntakinte · #12 Příspěvek od **kuntakinte** » 17 dub 2013 18:11

Moc děkuju za ochotu a čas, jen bych měl ještě přeci jeden dotaz, a to že Ccleaner používám už delší dobu, ale u registrů mohu scan opakovat donekonečna, a vždy mi tam zbyde jeden, který prostě ne a ne zmizet:

Nepoužívaná prípona súboru {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} HKCR\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}

Já sice nevím co to je a jestli je to v pořádku, ale vy to třeba víte

#13 Příspěvek od **vyosek** » 18 dub 2013 00:26

Je to drobnost, kterou CC neumi smazat, ignorujte jej a nechte jej tam

kuntakinte · #14 Příspěvek od **kuntakinte** » 18 dub 2013 11:29

V tom případě ještě jednou moc děkuju za pomoc

#15 Příspěvek od **vyosek** » 18 dub 2013 12:03

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

A na zaklade Pravidla o zamykani temat

VIRY.CZ

Prosím o kontrolu

Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu